Part IV: Professional Database Development
934
After you save and close the project, users attempting to view the application’s code must enter the
password. Access prompts for the project password only once per session.A more secure method of securing your application’s code, forms, and reports is to distribute your
database as an .accde file. When you save your database as an .accde file, Access compiles all
code modules (including form modules), removes all editable source code, and compacts the data-
base. The new .accde file contains no source code but continues to work because it contains a
compiled copy of all your code. Not only is this a great way to secure your source code, but it also
enables you to distribute databases that are smaller (because they contain no source code) and
always keep their modules in a compiled state.Understanding macro security
You’ve probably had experience at some point with a virus attack on your computer. Or most
likely, you know someone who has. It goes without saying that installing and running a virus scan-
ning utility on your workstation, and keeping its virus signatures up to date, are imperative. Even
though you may be very careful about keeping your virus scanner up to date, new viruses crop up
all the time. So, you have to be proactive about protecting your applications and sensitive data
from exposure to these kinds of attacks.When you run forms, reports, queries, macros, and VBA code in your application, Microsoft
Access uses the Trust Center to determine which commands may be unsafe and which unsafe com-
mands you want to run. From the Trust Center’s perspective, macros and VBA code are “macros”
and shouldn’t be trusted by default. Unsafe commands could allow a malicious user to hack into
your hard drive or other resource in your environment. A malicious user could possibly delete files
from your hard drive, alter the computer’s configuration, or generally create all kinds of havoc in
your workstation or even throughout your network environment.Each time a form, report, or other object opens, Access checks its list of unsafe commands. By
default, when Access encounters one of the unsafe commands, it blocks the command from execu-
tion. To tell Access to block these potentially unsafe commands, you must enable sandbox mode.Enabling sandbox mode
Sandbox mode allows Access to block any of the commands in the unsafe list it encounters when
running forms, reports, queries, macros, data access pages, and Visual Basic code:- Open Access, click the Microsoft Office button, and select Access Options.
The Access Options dialog box appears.
- Select the Trust Center tab, and then click Trust Center Settings.
The Trust Center dialog box appears.
- Select the Macro Settings tab (shown in Figure 26.23).
- Select either Disable All Macros without Notification or Disable All Macros with
Notification.